Skip to content

build(deps): bump the minor-and-patch group with 10 updates#114

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/bun/minor-and-patch-c9d3357602
Closed

build(deps): bump the minor-and-patch group with 10 updates#114
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/bun/minor-and-patch-c9d3357602

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 3, 2026

Copy link
Copy Markdown

Bumps the minor-and-patch group with 10 updates:

Package From To
@modelcontextprotocol/sdk 1.25.1 1.29.0
vscode-languageserver-types 3.17.5 3.18.0
yaml 2.8.2 2.9.0
@types/bun 1.3.5 1.3.14
turbo 2.7.1 2.10.3
zod 4.2.1 4.4.3
better-sqlite3 12.5.0 12.11.1
nuxt 4.2.2 4.4.8
zod-to-json-schema 3.25.0 3.25.2
@tailwindcss/vite 4.1.18 4.3.2

Updates @modelcontextprotocol/sdk from 1.25.1 to 1.29.0

Release notes

Sourced from @​modelcontextprotocol/sdk's releases.

v1.29.0

What's Changed

New Contributors

Full Changelog: modelcontextprotocol/typescript-sdk@v1.28.0...v1.29.0

v1.28.0

What's Changed

New Contributors

Full Changelog: modelcontextprotocol/typescript-sdk@v1.27.1...v1.28.0

v1.27.1

What's Changed

New Contributors

Full Changelog: modelcontextprotocol/typescript-sdk@v1.27.0...v1.27.1

v1.27.0

What's Changed

... (truncated)

Commits

Updates vscode-languageserver-types from 3.17.5 to 3.18.0

Release notes

Sourced from vscode-languageserver-types's releases.

release/protocol/3.18.0

No release notes provided.

release/types/3.18.0

Changes:

Feature Requests:

  • #1691: Use NoInfer for better typing
  • #1692: setImmediate Implementation in browser RAL for json-rpc is not ideal.
  • #1698: RenameParams does not reference TextDocumentPositionParams interface in the JSON metamodel

Bugs:

  • #752: Edits are applied twice
  • #1717: Client requests textDocument/diagnostics before textDocument/didOpen
  • #1693: Output channel leak when stopping LanguageClient
  • #1581: Client error 'Failed to determine file type' after undoing rename with Cmd+Z
  • #1548: Extra true in the output log when a language server disconnects

Others:

  • #1785: Allow returning null in SemanticTokensFeatureShape.on handler
  • #1784: SemanticTokensFeatureShape.on handler does not allow returning null
  • #1780: Add getMessageString function to Diagnostic namespace
  • #1779: Add 3.17 version check method for Diagnostic
  • #1778: Merge next release into main
  • #1777: Update lock files for dependencies
  • #1775: Update dependencies and improve compatibility
  • #1774: Bump qs from 6.15.0 to 6.15.2
  • #1773: Implement TextDocumentSnapshot for delay open notifications
  • #1772: Prevent pulling diagnostics on untitled documents
  • #1770: Update documentation and fix lint errors
  • #1767: Inline value documentation improvements
  • #1769: Fix glob pattern documentation
  • #1768: Make document color requests consistent with the specification
  • #1766: Add optional MarkupContent support to diagnostics
  • #1751: forgetDocument is crashing the extension host
  • #1765: Fixes #1751: Prevent crash in forgetDocument when disposed
  • #1752: fix: random pipe path length extends limit on macos
  • #1764: Fixes double application of edits during renaming
  • #1762: Bump brace-expansion from 5.0.3 to 5.0.6 in /client

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by microsoft1es, a new releaser for vscode-languageserver-types since your current version.


Updates yaml from 2.8.2 to 2.9.0

Release notes

Sourced from yaml's releases.

v2.9.0

The changes here are really only patches, but I'm releasing this as a minor version to note a small change to the documentation of parseDocument() and parseAllDocuments(): I've removed the claim that they'll "never throw".

It remains the case that practically all non-malicious inputs will be handled without emitting an error, but there is a decent chance that code paths remain where e.g. a RangeError due to call stack exhaustion can be triggered by malicious inputs. Up to now, I've considered these as security vulnerabilities, and in fact it's the only category of error for which yaml CVEs have been issued so far.

Starting from this release, I'll be considering such errors as bugs, but not vulnerabilities. I do welcome people and/or LLMs looking for them, but please report them as normal issues rather than suspected security vulnerabilities. This also applies to previously undiscovered bugs in earlier releases.

  • fix: Avoid calling Array.prototype.push.apply() with large source array
  • fix(lexer): Avoid recursive calls that may exhaust the call stack

v2.8.4

  • Disable alias resolution with maxAliasCount:0 (#677)
  • Handle invalid unicode escapes (e1a1a77)
  • Apply minFractionDigits only to decimal strings (#676)

v2.8.3

  • Add trailingComma ToString option for multiline flow formatting (#670)
  • Catch stack overflow during node composition (1e84ebb)
Commits
  • ddb21b0 2.9.0
  • 167365b docs: Clarify that not all errors can be avoided
  • 6eca2a7 fix: Avoid calling Array.prototype.push.apply() with large source array
  • 0543cd5 fix(lexer): Avoid recursive calls that may exhaust the call stack
  • ccdf743 2.8.4
  • f625789 fix: Disable alias resolution with maxAliasCount:0 (#677)
  • e1a1a77 fix: Handle invalid unicode escapes
  • a163ea0 style: Satify Prettier
  • b2a5a6c fix: Apply minFractionDigits only to decimal strings (#676)
  • 93c951b chore: Bump JSR version to v2.8.3 (#673)
  • Additional commits viewable in compare view

Updates @types/bun from 1.3.5 to 1.3.14

Commits

Updates turbo from 2.7.1 to 2.10.3

Release notes

Sourced from turbo's releases.

Turborepo v2.10.3

What's Changed

Changelog

... (truncated)

Commits
  • 9980449 publish 2.10.3 to registry
  • bc32fcc fix: Correct gitignore precedence in untracked walk and memoize matcher chain...
  • dccab93 fix: Harden TUI terminal restore during shutdown (#13220)
  • 65efe27 fix: Remove devtools feature flag (#13219)
  • c2115dc refactor: Use upstream libghostty-vt crates instead of vendored bindings (#13...
  • c3c91ab fix: Include untracked symlinks in repo-index dirty hash (#13218)
  • b521d32 perf: Derive dirty hash from repo index (#13213)
  • 28d1871 perf: Replace per-package graph traversals in scope filtering (#13212)
  • 148b1dd perf: Cache env wildcard matches across tasks during hashing (#13210)
  • 61d6013 feat: Automatically copy TUI selection to clipboard on mouse release (#13208)
  • Additional commits viewable in compare view

Updates zod from 4.2.1 to 4.4.3

Release notes

Sourced from zod's releases.

v4.4.3

Commits:

  • 4c2fa95ce3f3390fbc522324e406b4e9e89b88f9 docs: use Zernio primary wordmark for gold sponsor logo
  • 2aeec83eb135e3a83756e973ef44845fc5a455d2 docs: prune lapsed gold sponsors and rebalance logo sizing
  • 7391be88ac1ee5cd02057f5ccc012a1f5df4efd0 docs: prune lapsed silver/bronze sponsors and add active ones
  • 2c703322a21b4e2b12f33f49ea8430c451a68b4f docs: normalize bronze sponsor logos to github avatar pattern
  • 9195250cab0e7950efe39c3926d6c203b4b0a170 docs: remove Mintlify from bronze sponsors (churned)
  • b8dffe9e62f17e6571e6249d05cc5102b54d94e4 docs: remove Numeric and Speakeasy (2+ missed monthly cycles)
  • 1cab69383fcdeae2a366d5e2a2fc4d8fc765d168 fix(v4): restore catch handling for absent object keys (#5937) (#5939)
  • c2be4f819064eed62c7c350a2d399b5faecd15f8 fix(v4): generalize optin/fallback to transform; restore preprocess on absent keys (#5941)
  • f3c9ec03ba7a28ae72d25cc295f38674bee0f559 4.4.3
  • 1fb56a5c18c27102dbc92260a4007c7732a0ccca docs: document release procedure in AGENTS.md

v4.4.2

Commits:

  • 0c62df0ea19fd05abdf90473e9eef7eea530fab2 Clean up docs navigation and stale labels (#5901)
  • 20cc794895cc8604fe0c87d83a5d1c3f89fad0ac chore: add security policy and refresh tooling deps
  • 6fbe07b0177efdd1bf1c0b05160e70d7a0702337 fix(docs): heading anchor links now include the hash so it doesnt scoll all the way up, follows navbar logic (#5791)
  • 4bbed1b1c73eca4ce9e59b1189ed236aa6c8b5bd Tighten discriminated union option typing
  • bbac3e567e7fccfaaf7cdc97f1ce30c295e2c908 Update PR guidance for agents
  • cf0dc942a32805c292fff59ade20a7ace980735a Merge remote-tracking branch 'origin/main' into fix-discriminated-union-key-constraint
  • 292c894a5fd2aa42e527900b83d8d7a3009a709c docs: add Zernio gold sponsor
  • 1fc9f311c28dcf80d0bb5a36b177086cbc3d8eca docs: document codec inversion
  • 1373c85da9aeff704a9762d27bc58699618aefb7 docs: remove AI disclosure guidance
  • e20d02b473c08e3a4e557bc610b1b5fac079b649 chore: ignore triage notes
  • e58ea4d91b1dfe8194b73508203213cbc7e9c936 docs: test Zod Mini tab code heights
  • 905761a5d127e8d5dd2ebb3bc88c75cb0b8149ff docs: document preprocess input type narrowing
  • bf64bac850d4dee2b7dde7e64909d5d796d32043 chore: tighten test guidance in AGENTS.md
  • 8ec4e73f4c4693b6361ad591be40fb41eb8a9f95 chore: update play.ts scratch
  • 02c2baf7d0d615872fa4528a8020603b71211702 Make z.preprocess defer optionality to inner schema (#5929)
  • 88015df8e25c44fb5385eb3ef28935119cd5edea fix(docs): drop deprecated baseUrl from tsconfig
  • c59d4474e3b4cad1b323462186cf607178ce8267 4.4.2

v4.4.1

Commits:

  • 481f7be4238c83ed58183f921b2646f340a91c6a ci: gate release publishing on full test workflow
  • 95ccab423aec720b2523c3a64cdc7e3204537cc7 test(v3): restore optional undefined expectations
  • cede2c63739a5823d6aa5093d291e9a111da943d fix(v4): reject tuple holes before required defaults (#5900)
  • edd0bf0f5ada4a8dc581c259407d7bbad0a71ea7 release: 4.4.1
  • 180d83d1dbe6a59260710cc8637a3dea2281ee56 docs: remove Jazz featured sponsor

v4.4.0

4.4.0

This is a minor release with a wide set of correctness and soundness fixes. Some fixes intentionally make Zod stricter, so code that depended on previously accepted invalid or ambiguous inputs may need small updates.

Potentially breaking bug fixes

... (truncated)

Commits
  • 1fb56a5 docs: document release procedure in AGENTS.md
  • f3c9ec0 4.4.3
  • c2be4f8 fix(v4): generalize optin/fallback to transform; restore preprocess on absent...
  • 1cab693 fix(v4): restore catch handling for absent object keys (#5937) (#5939)
  • b8dffe9 docs: remove Numeric and Speakeasy (2+ missed monthly cycles)
  • 9195250 docs: remove Mintlify from bronze sponsors (churned)
  • 2c70332 docs: normalize bronze sponsor logos to github avatar pattern
  • 7391be8 docs: prune lapsed silver/bronze sponsors and add active ones
  • 2aeec83 docs: prune lapsed gold sponsors and rebalance logo sizing
  • 4c2fa95 docs: use Zernio primary wordmark for gold sponsor logo
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for zod since your current version.


Updates better-sqlite3 from 12.5.0 to 12.11.1

Release notes

Sourced from better-sqlite3's releases.

v12.11.1

What's Changed

Full Changelog: WiseLibs/better-sqlite3@v12.11.0...v12.11.1

v12.11.0

⚠️CAUTION: NOT A VIABLE RELEASE

Use v12.11.1 instead.

What's Changed

Full Changelog: WiseLibs/better-sqlite3@v12.10.1...v12.11.0

v12.10.1

What's Changed

Full Changelog: WiseLibs/better-sqlite3@v12.10.0...v12.10.1

v12.10.0

What's Changed

Full Changelog: WiseLibs/better-sqlite3@v12.9.1...v12.10.0

v12.9.1

⚠️CAUTION: NOT A VIABLE RELEASE

Electron v39+ prebuilds are not building successfully at the moment. Stick to v12.9.0 for now.

What's Changed

New Contributors

Full Changelog: WiseLibs/better-sqlite3@v12.9.0...v12.9.1

... (truncated)

Commits

Updates nuxt from 4.2.2 to 4.4.8

Release notes

Sourced from nuxt's releases.

v4.4.8

4.4.8 is a hotfix release to address an issue running the dev server on MacOS.

👉 Changelog

compare changes

🩹 Fixes

  • vite: Shorter socket name for macOs with tmp fallback (#35265)
  • kit: Respect type option in findPath (#35272)
  • deps: Update nuxt/scripts presets (905621594)
  • nuxt: Revert unhead dependency back to v2 (e6d578fea)

📖 Documentation

  • Fix many typos (#35266)
  • Explain static fallback pages (#35277)
  • Change null to undefined in data-fetching docs to match actual types (#35301)
  • Fix broken internal links, useAsyncData watch type, and NuxtError type (#35303)

❤️ Contributors

v4.4.7

4.4.7 is a security hotfix release.

👉 make sure to check https://github.com/nuxt/nuxt/security/advisories to view open advisories resolved by this release.

👉 Changelog

compare changes

🩹 Fixes

  • nitro: Assign noSSR before deciding payload extraction (#35108)
  • vite: Avoid filtering out dirs with shared prefix from allowDirs (#35112)
  • nuxt: Use resolve from pathe for buildCache path boundary check (#35111)
  • nuxt: Prevent sibling-directory traversal in test component wrapper (#35110)
  • nitro: Pass event data to isValid in dev clipboard-copy listener (#35109)
  • nuxt: Validate protocols in reloadNuxtApp path before reload (#35115)
  • vite: Prefix public asset virtuals with null byte (9e303b438)
  • nuxt: Re-run getCachedData after initial fetch (#35122)
  • nuxt: Propagate useFetch/useAsyncData factory types (#35133)
  • vite: Close vite dev server on nuxt close (a10a68abc)
  • kit,nuxt: Handle cancelling prompts to install packages (e84813229)
  • kit: Avoid excluding node-context files in legacy tsconfig (#35152)
  • nuxt: Handle missing payload in chunkError listener (#35155)
  • nuxt: Await in-lifght template generation when closing nuxt (#35181)
  • nuxt: Clarify page and layout usage warnings (#35184)
  • webpack: Surface compilation errors when stats.toString is empty (073b07851)
  • nuxt: Reject prototype-chain keys in the island registry (#35205)

... (truncated)

Commits
  • 2bfc2c8 v4.4.8
  • e6d578f fix(nuxt): revert unhead dependency back to v2
  • 9056215 fix(deps): update nuxt/scripts presets
  • b7d5790 v4.4.7
  • dbc5896 chore: lint
  • e447a79 fix(nuxt): reject cross-origin paths in reloadNuxtApp
  • d72a89e refactor(nuxt): replace runInNewContext with AST walker
  • 2cce6fb fix(nuxt): block path-normalization open redirect in navigateTo
  • 0103ce0 fix(nuxt): reject script-capable protocols in \<NuxtLink> href
  • 07e39cd fix(nuxt): match route rules case-insensitively to mirror vue-router
  • Additional commits viewable in compare view

Updates zod-to-json-schema from 3.25.0 to 3.25.2

Changelog

Sourced from zod-to-json-schema's changelog.

Changelog

Version Change
3.25.2 Bumps the peer dependency of Zod 3 to 3.25.28 - Versions before patch 13 caused OOM issues and versions between that and 28 removed the /v3 import alias.
3.25.1 Fixes large install size due to accidental inclusion of test files. Thanks, Felix Mosheev!
3.25.0 Adds support for v3.25 and v3 through v4 (import { z } from "zod/v3"). Big thank you to both Andrey Gubanovs and especially to Faïz Hernawan Abdillah, whose more minimal implementation was merged. This will likely be the final release of zod-to-json-schema, as v4 now supports JSON schema natively.
3.24.6 Removed use of instanceOf to check for optional properties as differing package versions could produce intermittent bugs. Added OpenAiAnyType to work around their schema restrictions.
3.24.5 Update .npmignore to drop 2 mb of test files. Thanks Misha Kaletsky!
3.24.4 Added options to set the value of additionalProperties in objects and record
3.24.3 Adds postProcess callback option
3.24.2 Restructured internals to remove circular dependencies which apparently might cause some build systems to whine a bit. Big thanks to Víctor Hernández for the fix.
3.24.1 Adds OpenAI target
3.24.0 Implements new string checks (jwt, base64url, cidr ipv4/v6), matching the new Zod version
3.23.5 Module import hotfix by Enzo Monjardín. Thanks!
3.23.4 Fixes branded regex property names and a weird edgecase in arrays. Thanks to Isaiah Marc Sanchez and Mitchell Merry!
3.23.3 More tests (Thanks Brett Zamir!), removed dead code
3.23.2 Lazily loads Emoji regex to avoid incompatibility with some environments. Thanks Jacob Lee!
3.23.1 Best-effort RegEx flag support by Spappz! Some minor fixes and additions, such as the title option.
3.23.0 Adds support for base64, date, time, duration and nanoid string validations. A warm welcome and a big thanks to Colin, the creator of Zod, joining in as a contributor :)
3.22.5 Adds new z.date() parsing options and override callback
3.22.4 Adds fix for nullable references in OpenAPI mode
3.22.3 Adjust root path from "#/" to "#" according to RFC 6901
3.22.2 Adds "output" pipe strategy
3.22.1 Fixes broken imports when using some bundlers
3.22.0 Support readonly. Export both CJS and ESM. Export everything from index. Alternative map parser. Improved pattern handling and updated sources.
3.21.4 Fixes missing support for exact array length
3.21.3 Fixes issue #77 (Reference path to nullable schemas in Open-API mode)
3.21.2 Adds "integer" type Date output to support min/max checks, markdownDescription option, fixes "none" refStrategy by adding "seen" and adds an option to use "pattern" with Zods' email enum instead of "format".
3.21.1 New target (2019-09) along with improved intersection schemas, improved mutual recursion references in definitions, descriptions respected in union parser and not removed in collapsed
3.21.0 Added new string validations (ip, emoji, etc) and BigInt checks to support Zod 3.21
3.20.5 Added uniqueItems to Set and an option to disregard pipe schemas
3.20.4 Bugfixes and improved record parsing for openApi3
3.20.3 Added Cuid2 support introduced in Zod 3.20.3
3.20.2 Reintroduced conditional simplified return-type for when target is OpenAPI 3
3.20.1 Fixed inconsistent casing in imports
3.20.0 Adds support for Zod 3.20 with catch and pipe parser as well as new string validations. Refactored Ref handling; adding definitions no longer considered experimental. Main API function refact...

Description has been truncated


Summary by cubic

Update 10 dependencies across the monorepo to pick up security fixes, newer types, and improved Nuxt/Turbo/Bun compatibility. Standardizes on zod@4 and updates @modelcontextprotocol/sdk, LSP types, nuxt, turbo, yaml, and better-sqlite3.

  • Dependencies

    • @modelcontextprotocol/sdk 1.25.1 → 1.29.0
    • vscode-languageserver-types 3.17.5 → 3.18.0
    • yaml 2.8.2 → 2.9.0
    • turbo 2.7.1 → 2.10.3
    • zod 4.2.1 → 4.4.3 (pin to v4)
    • better-sqlite3 12.5.0 → 12.11.1
    • nuxt 4.2.2 → 4.4.8
    • zod-to-json-schema 3.25.0 → 3.25.2
    • @tailwindcss/vite 4.1.18 → 4.3.2
    • @types/bun 1.3.5 → 1.3.14
  • Migration

    • No code changes required. Run your package manager install.
    • zod is now v4-only; update any remaining v3 imports/usages.

Written for commit 4d50d71. Summary will update on new commits.

Bumps the minor-and-patch group with 10 updates:

| Package | From | To |
| --- | --- | --- |
| [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.25.1` | `1.29.0` |
| [vscode-languageserver-types](https://github.com/Microsoft/vscode-languageserver-node/tree/HEAD/types) | `3.17.5` | `3.18.0` |
| [yaml](https://github.com/eemeli/yaml) | `2.8.2` | `2.9.0` |
| [@types/bun](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/bun) | `1.3.5` | `1.3.14` |
| [turbo](https://github.com/vercel/turborepo) | `2.7.1` | `2.10.3` |
| [zod](https://github.com/colinhacks/zod) | `4.2.1` | `4.4.3` |
| [better-sqlite3](https://github.com/WiseLibs/better-sqlite3) | `12.5.0` | `12.11.1` |
| [nuxt](https://github.com/nuxt/nuxt/tree/HEAD/packages/nuxt) | `4.2.2` | `4.4.8` |
| [zod-to-json-schema](https://github.com/StefanTerdell/zod-to-json-schema) | `3.25.0` | `3.25.2` |
| [@tailwindcss/vite](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-vite) | `4.1.18` | `4.3.2` |


Updates `@modelcontextprotocol/sdk` from 1.25.1 to 1.29.0
- [Release notes](https://github.com/modelcontextprotocol/typescript-sdk/releases)
- [Commits](modelcontextprotocol/typescript-sdk@1.25.1...v1.29.0)

Updates `vscode-languageserver-types` from 3.17.5 to 3.18.0
- [Release notes](https://github.com/Microsoft/vscode-languageserver-node/releases)
- [Commits](https://github.com/Microsoft/vscode-languageserver-node/commits/release/types/3.18.0/types)

Updates `yaml` from 2.8.2 to 2.9.0
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](eemeli/yaml@v2.8.2...v2.9.0)

Updates `@types/bun` from 1.3.5 to 1.3.14
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/bun)

Updates `turbo` from 2.7.1 to 2.10.3
- [Release notes](https://github.com/vercel/turborepo/releases)
- [Changelog](https://github.com/vercel/turborepo/blob/main/RELEASE.md)
- [Commits](vercel/turborepo@v2.7.1...v2.10.3)

Updates `zod` from 4.2.1 to 4.4.3
- [Release notes](https://github.com/colinhacks/zod/releases)
- [Commits](colinhacks/zod@v4.2.1...v4.4.3)

Updates `better-sqlite3` from 12.5.0 to 12.11.1
- [Release notes](https://github.com/WiseLibs/better-sqlite3/releases)
- [Commits](WiseLibs/better-sqlite3@v12.5.0...v12.11.1)

Updates `nuxt` from 4.2.2 to 4.4.8
- [Release notes](https://github.com/nuxt/nuxt/releases)
- [Commits](https://github.com/nuxt/nuxt/commits/v4.4.8/packages/nuxt)

Updates `zod-to-json-schema` from 3.25.0 to 3.25.2
- [Release notes](https://github.com/StefanTerdell/zod-to-json-schema/releases)
- [Changelog](https://github.com/StefanTerdell/zod-to-json-schema/blob/master/changelog.md)
- [Commits](https://github.com/StefanTerdell/zod-to-json-schema/commits)

Updates `@tailwindcss/vite` from 4.1.18 to 4.3.2
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.2/packages/@tailwindcss-vite)

---
updated-dependencies:
- dependency-name: "@modelcontextprotocol/sdk"
  dependency-version: 1.29.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: vscode-languageserver-types
  dependency-version: 3.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: yaml
  dependency-version: 2.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@types/bun"
  dependency-version: 1.3.14
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: turbo
  dependency-version: 2.10.3
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: zod
  dependency-version: 4.4.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: better-sqlite3
  dependency-version: 12.11.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: nuxt
  dependency-version: 4.4.8
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: zod-to-json-schema
  dependency-version: 3.25.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@tailwindcss/vite"
  dependency-version: 4.3.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 3, 2026
@greptile-apps

greptile-apps Bot commented Jul 3, 2026

Copy link
Copy Markdown

PR author is in the excluded authors list.

@socket-security

Copy link
Copy Markdown

@socket-security

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm better-sqlite3 is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: apps/docs/package.jsonnpm/better-sqlite3@12.11.1

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/better-sqlite3@12.11.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm node-forge is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: ?npm/nuxt@4.4.8npm/node-forge@1.4.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/node-forge@1.4.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm powershell-utils is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: ?npm/nuxt@4.4.8npm/powershell-utils@0.1.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/powershell-utils@0.1.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm seroval is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: ?npm/nuxt@4.4.8npm/seroval@1.5.4

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/seroval@1.5.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@sonarqubecloud

sonarqubecloud Bot commented Jul 3, 2026

Copy link
Copy Markdown

@codecov

codecov Bot commented Jul 3, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

@dependabot @github

dependabot Bot commented on behalf of github Jul 10, 2026

Copy link
Copy Markdown
Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Jul 10, 2026
@dependabot dependabot Bot deleted the dependabot/bun/minor-and-patch-c9d3357602 branch July 10, 2026 07:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants